From 28012fbf50982d5830fcb212ee2d4afe871a81a8 Mon Sep 17 00:00:00 2001 From: Tonis Tiigi Date: Tue, 11 Jul 2023 22:46:10 -0700 Subject: [PATCH] llbsolver: fix policy rule ordering The older of rules in policy matters. Eg. in [DENY *, ALLOW ref] mixing the order would deny all sources so map can't be used to deduplicate the rules. Signed-off-by: Tonis Tiigi (cherry picked from commit 22d84461e4ed2e861c15ee1a1695dc75da27a9e3) Signed-off-by: Brian Goff --- solver/llbsolver/solver.go | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/solver/llbsolver/solver.go b/solver/llbsolver/solver.go index d65a9e6490c7..94d25ce5b7b2 100644 --- a/solver/llbsolver/solver.go +++ b/solver/llbsolver/solver.go @@ -977,27 +977,21 @@ func loadEntitlements(b solver.Builder) (entitlements.Set, error) { } func loadSourcePolicy(b solver.Builder) (*spb.Policy, error) { - set := make(map[spb.Rule]struct{}, 0) + var srcPol spb.Policy err := b.EachValue(context.TODO(), keySourcePolicy, func(v interface{}) error { x, ok := v.(spb.Policy) if !ok { return errors.Errorf("invalid source policy %T", v) } for _, f := range x.Rules { - set[*f] = struct{}{} + r := *f + srcPol.Rules = append(srcPol.Rules, &r) } + srcPol.Version = x.Version return nil }) if err != nil { return nil, err } - var srcPol *spb.Policy - if len(set) > 0 { - srcPol = &spb.Policy{} - for k := range set { - k := k - srcPol.Rules = append(srcPol.Rules, &k) - } - } - return srcPol, nil + return &srcPol, nil }